HHS Combats Cyberthreat Deluge with IT Modernization

The top three IT risks at the Health and Human Services Department are cybersecurity, human capital and legacy systems, but this isn’t a surprise to Chief Information Officer Beth Killoran, who’s worked on ramping up the department’s cyber defenses.

Killoran spoke at the GovernmentCIO MagazineCXO Tech Forum on Oct. 19 about the current IT initiatives departmentwide and her biggest priority for 2018. This year, she’s been bolstering cybersecurity with legacy system modernization.

“We understand that those high-value assets can be taken down by being an old system or by being breached, and in many cases, they go hand in hand,” she said. “And so we have to make sure that we’re building in capabilities of protection. It’s not mission or protection; it’s mission with protection.”

-- Sign up for our weekly newsletter to receive the latest analysis and insights on emerging federal technologies and IT modernization.

Killoran focuses on the overarching infrastructure, making sure the byways and intersections are in place to allow HHS’ 11 operating divisions to adopt innovative tech and integrate siloed data.

“The department is data rich and information poor,” largely because of HHS’ aging legacy infrastructure, she said. “My job is to bring us up to par with industry so that we can then plug and play with the operating divisions to bring in that new tech.”

So, Killoran started by identifying high-value assets. The department had about 100 systems; 57 of which were determined most critical to business operations directly affecting citizens. The department is working with vendors on replacing and modernizing those first with a departmentwide plan.

The Food and Drug Administration, a HHS division, heavily focuses on interoperability when it comes to legacy systems.

In a panel with Killoran at the GCIO Magazine event, FDA CIO Todd Simpson said he adopted a interoperability-first mantra to tackle his organization’s three biggest challenges: interoperability, system duplication and data.

FDA’s modernization foundation relies on its cloud brokerage model composed by six different cloud service providers and infrastructure, platform- and software-as-a-service.

“We need to bring a little bit more order to the way we do our development, the way we manage our business, and really leverage the cloud and bring a pathway to migrate our legacy systems and to do new development,” Simpson said.

That’s where FDA will bring it all together.

Now, FDA is working on Continuous Diagnostics and Mitigation and forging it with the cloud brokerage model. Simpson is pushing ahead with certain technologies that address both the need to watch and monitor data moving between the cloud and on-premise facilities, and CDM.

What’s Next

While cybersecurity remains a top priority for HHS, emerging tech and innovation will also be a focus in the immediate future.

Simpson kicked off a workforce optimization initiative to realign everything in the organization, refocus on innovation and flush out a proper governance model. Inside that innovation realm, Simpson said FDA has brought in many different technologies.

“There are several technologies that we’re looking at that are complementing one another and we’re finding the use cases across the FDA,” he said.

He’s also taking a different approach: Rather than limiting vendor and FDA customer interaction, Simpson realized the role is too big at FDA, considering the thousands of federated users.

“I have to rely on my vendor partners to come in so I look for strategic partnerships, ones that I can really trust,” he said. “I need more of that strategic partnership, especially in the innovation front, when it comes to things like AI.”

This way, vendors can spark ideas FDA can potentially bring to the innovation lab for proof of concepts, pilots and implementations. The hope is this information helps industry to penetrate the hard shell of FDA to do business.

And to manage legacy systems, putting things in the cloud and adopting new technology, both Killoran and Simpson said having an application program interface gateway is the next big priority.

“My big hit for 2018 is a microservices departmental gateway, legacy new version of a service bus for all of our management systems,” Killoran said.

For FDA, Simpson said APIs are critical to achieving interoperability.

“We’ve actually identified a cloud service provider that we’re looking at partnering with to provide that support,” he said, which is part of FDA’s overall microservices roadmap.

Killoran said HHS will leverage some of the capability FDA has done around microservices and expand it across the department.

“That’ll be a big, huge thing, because right now, for example, some of our systems have over 100 different interfaces alone,” she said. “And then if you do that on a multiple system to system basis, point to point, you can imagine the complexity and cost associated.”